search for: trustcenter

...N Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de The function sc_prkey_op_init (in scard-opensc.c) requires for every private key a PKCS#15 AuthenticationObject object, but the this object is optional => sc_prkey_op_init fails if the key is not protected by a PIN. If sc_pkcs15_find_pin_by_auth_id retuns SC_ERROR_OBJECT_NOT_FOUND then (mos...

...Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de Attached is patch with which the ssh-agent will use the optional PKCS#15 private key label (if existing) as the comment for the smartcard key (instead of the standard comment "smartcard key"). In case sc_get_key_label returns NULL the standard comment is used. Comments etc. are welc...

Dear reader, we are using dovecot 2.2.7 and like it very much. Authentication is done via a checkpassword program that does two things: 1) check wether the client has connected via SSL using a client certificate 2) check wether the client is using a one time password generator Most of our users are using certificates that we have created ourself. These certificates contain a

...) Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de There's a small bug in scard-opensc.c. The OpenSC function sc_pkcs15_decipher is called with the wrong flag. Currently sc_private_decrypt set the flag to 0 and hence OpenSC uses RSA raw to decipher the cryptogram => the Smartcard (or OpenSC) does not remove the PKCS#1 padding => v1 a...

...Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: enhancement Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de sc_get_keys loads the public keys from every certificate stored on the smartcard. Therefore public keys of CA certificate (or other certs for which there's no corresponding private key on the smartcard) are loaded into the ssh-agent. This has (at least) two drawbacks: a) loading certificat...

...e Product: Portable OpenSSH Version: -current Platform: All OS/Version: Linux Status: NEW Severity: normal Priority: P2 Component: Smartcard AssignedTo: openssh-bugs at mindrot.org ReportedBy: larsch at trustcenter.de There's currently a small problem in scard-opensc.c if there's more than one private key object for a given certificate (i.e. public key). For example some cards OSs do not support signing and decryption with one private key object => if you want to use the same key for signing and...

Hi, I think there's a small bug in sc_private_decrypt in scard-opensc.c (see attached patch). The 'flags' parameter in the sc_pkcs15_decipher function call should be set to SC_ALGORITHM_RSA_PAD_PKCS1 and not to 0. If flags == 0 then sc_pkcs15_decipher uses RSA raw as a default method which has (at least) two drawbacks a) not all cards support RSA raw and b) sc_pkcs15_decipher does not

Hi, from ChangeLog: 20030609 - (djm) Sync README.smartcard with OpenBSD -current My I ask why the OpenSC section has been removed ? Note: OpenSSH + OpenSC works for me (at least with a recent OpenSC snapshot). Regards, Nils

Hi, the current CVS version (head) of OpenSSH doesn't build with OpenSC because the sc_get_key_label function is currently not defined in scard-opensc.c => please apply the scard-opensc.c part of patch #330 (see: http://bugzilla.mindrot.org/attachment.cgi?id=330&action=view ). Regards, Nils